From 834364ce114da6735f53b5c5b617955906e4e470 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Thu, 21 Sep 2023 12:10:39 -0400
Subject: [PATCH 1/2] crl: rm `Budget` from `verify_signature` fn

The `CertificateRevocationList` trait is part of our public API and so
the `verify_signature` fn within it can't have new arguments introduced
in a semver compatible way in this 0.101.x release stream. We broke
this contract when we added the `Budget` argument.

This commit removes the `Budget` argument and updates `verify_cert` to
consume signature budget before calling `verify_signature`. This
maintains semver and we can implement better long term solutions in the
next release.
---
 src/crl.rs         | 7 ++-----
 src/verify_cert.rs | 8 ++++++--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/crl.rs b/src/crl.rs
index 25a4997c..1111383c 100644
--- a/src/crl.rs
+++ b/src/crl.rs
@@ -43,7 +43,6 @@ pub trait CertRevocationList: Sealed {
         &self,
         supported_sig_algs: &[&SignatureAlgorithm],
         issuer_spki: &[u8],
-        budget: &mut Budget,
     ) -> Result<(), Error>;
 }
 
@@ -87,13 +86,12 @@ impl CertRevocationList for OwnedCertRevocationList {
         &self,
         supported_sig_algs: &[&SignatureAlgorithm],
         issuer_spki: &[u8],
-        budget: &mut Budget,
     ) -> Result<(), Error> {
         signed_data::verify_signed_data(
             supported_sig_algs,
             untrusted::Input::from(issuer_spki),
             &self.signed_data.borrow(),
-            budget,
+            &mut Budget::default(),
         )
     }
 }
@@ -333,13 +331,12 @@ impl CertRevocationList for BorrowedCertRevocationList<'_> {
         &self,
         supported_sig_algs: &[&SignatureAlgorithm],
         issuer_spki: &[u8],
-        budget: &mut Budget,
     ) -> Result<(), Error> {
         signed_data::verify_signed_data(
             supported_sig_algs,
             untrusted::Input::from(issuer_spki),
             &self.signed_data,
-            budget,
+            &mut Budget::default(),
         )
     }
 }
diff --git a/src/verify_cert.rs b/src/verify_cert.rs
index 9fcd280e..d188c5e8 100644
--- a/src/verify_cert.rs
+++ b/src/verify_cert.rs
@@ -205,7 +205,7 @@ fn check_signed_chain_name_constraints(
     Ok(())
 }
 
-pub struct Budget {
+pub(crate) struct Budget {
     signatures: usize,
     build_chain_calls: usize,
     name_constraint_comparisons: usize,
@@ -294,7 +294,11 @@ fn check_crls(
     // TODO(XXX): consider whether we can refactor so this happens once up-front, instead
     //            of per-lookup.
     //            https://github.com/rustls/webpki/issues/81
-    crl.verify_signature(supported_sig_algs, issuer_spki.as_slice_less_safe(), budget)
+    // Note: The `verify_signature` method is part of a public trait in the exported API.
+    //       We can't add a budget argument to that fn in a semver compatible way and so must
+    //       consume signature budget here before calling verify_signature.
+    budget.consume_signature()?;
+    crl.verify_signature(supported_sig_algs, issuer_spki.as_slice_less_safe())
         .map_err(crl_signature_err)?;
 
     // Verify that if the issuer has a KeyUsage bitstring it asserts cRLSign.

From d43c7a853c29b5a1869b3224c9df49189f1e3c51 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Thu, 21 Sep 2023 12:14:08 -0400
Subject: [PATCH 2/2] Cargo: v0.101.5 -> v0.101.6

---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 0bc5314f..d2d26978 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,7 +21,7 @@ license = "ISC"
 name = "rustls-webpki"
 readme = "README.md"
 repository = "https://github.com/rustls/webpki"
-version = "0.101.5"
+version = "0.101.6"
 
 include = [
     "Cargo.toml",